Help. Can't remove virus

AVG has detected this: C\windows 32\logonui.exe luhe.gen.b which I think is same thing, I read that apparently it's connected to when you log on and off. AVG can't remove and states I will have to do this manually. I have no idea how to do this.

Is there a program I can download that will do this for me? Only AVG will not remove as it states it's connected to the system, now if that don't trust itself as a virus program what chance have I got of removal without wiping my PC or something?

Thanks

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Upload the file to virustotal so other scanners can scan it - to rule out a false positive by AVG.

    C:\windows\system32\logonui.exe

    https://www.virustotal.com/en/
  • It says on AVG that the dirty file has been replaced by the good file so can't be fixed. Bloody computers and viruses.
  • Ladywriter1968
    Ladywriter1968 Posts: 913 Forumite
    edited 27 February 2013 at 10:58PM
    waddler_8 wrote: »
    Upload the file to virustotal so other scanners can scan it - to rule out a false positive by AVG.

    C:\windows\system32\logonui.exe

    https://www.virustotal.com/en/

    I don't know how to get the logonui file in the bar to search for it? I don't know where it is in the system as so many files and it says upload file?

    OK, worked it out, thank you
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Did you upload it?

    It might be a false positive.

    If it is infected, then it will need replacing with a clean copy. You can't delete it as it is a system file.

    Again, if it is infected then it may be a pointer to other files being infected too.
  • info received, now what do I do?


    SHA256: dc3bf76c5b5256669b60808536ed3458d86765c606a9d482ee9c92ace99face2
    File name: LOGONUI.EXE
    Detection ratio: 8 / 45
    Analysis date: 2013-02-27 21:57:39 UTC ( 1 minute ago )
    Antivirus Result Update
    Agnitum - 20130227
    AntiVir TR/Crypt.XPACK.Gen 20130227
    Antiy-AVL - 20130227
    Avast - 20130227
    AVG Suspicion: unknown virus 20130227
    BitDefender - 20130227
    ByteHero - 20130227
    CAT-QuickHeal - 20130227
    ClamAV - 20130227
    Commtouch - 20130227
    Comodo - 20130227
    DrWeb - 20130227
    Emsisoft - 20130227
    eSafe - 20130211
    ESET-NOD32 - 20130227
    F-Prot - 20130227
    F-Secure - 20130227
    Fortinet - 20130227
    GData - 20130227
    Ikarus Virus.Win32.Virut 20130226
    Jiangmin - 20130227
    K7AntiVirus - 20130227
    Kaspersky - 20130227
    Kingsoft Win32.Troj.Generic.(kcloud) 20130225
    Malwarebytes - 20130227
    McAfee - 20130227
    McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130227
    Microsoft - 20130227
    MicroWorld-eScan - 20130227
    NANO-Antivirus - 20130227
    Norman Suspicious_Gen4.ATYUF 20130227
    nProtect Trojan/W32.Jorik.542208 20130227
    Panda - 20130227
    PCTools - 20130225
    Rising - 20130227
    Sophos - 20130227
    SUPERAntiSpyware - 20130227
    Symantec - 20130227
    TheHacker - 20130226
    TotalDefense - 20130227
    TrendMicro - 20130227
    TrendMicro-HouseCall - 20130227
    VBA32 - 20130227
    VIPRE Backdoor.IRCBot 20130227
    ViRobot - 20130227
  • waddler_8 wrote: »
    Did you upload it?

    It might be a false positive.

    If it is infected, then it will need replacing with a clean copy. You can't delete it as it is a system file.

    Again, if it is infected then it may be a pointer to other files being infected too.

    Oh crap crap crap! say I say badder words, that means I will have to reinstall all? and lose everything all my work.... excuse me but bloody !!!!!!!s out there doing this.

    What if I take to PC man shop maybe he can do it without me losing all, as I ain't a clue on that part!

    Thank you for your help
  • waddler_8 wrote: »
    Did you upload it?

    It might be a false positive.

    If it is infected, then it will need replacing with a clean copy. You can't delete it as it is a system file.

    Again, if it is infected then it may be a pointer to other files being infected too.

    I have a bad feeling here, as think other files are sick too.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Yes, that doesn't look good to be honest, one mentions Virut - a true file-infecting virus. If it is, the best thing to do is back up your personal docs and restore/reinstall Windows.

    Go here

    http://www.eset.co.uk/Antivirus-Utilities/Online-Scanner

    • Click on Scan now.
    • Select the option YES, I accept the Terms of Use then click on: START
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology

    • Now click on: START
    • The virus signature database will begin to download.
    • When completed the Online Scan will begin automatically.
    • When completed make sure you first copy the logfile located at
      C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log here.
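
One way to read the pasted scan table the way the reply above does, as an added example that is not part of the original thread: it separates heuristic or generic verdicts from named families and flags the engine that names Virut. The rows are an excerpt of the report posted earlier; the keyword list and the `FILE_INFECTORS` set are assumptions of this example.

```python
import re

# Rows copied from the scan report pasted earlier in this thread: the eight
# engines that reported something, plus two clean rows as a parsing check.
REPORT = """\
AntiVir TR/Crypt.XPACK.Gen 20130227
Avast - 20130227
AVG Suspicion: unknown virus 20130227
Ikarus Virus.Win32.Virut 20130226
Kingsoft Win32.Troj.Generic.(kcloud) 20130225
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130227
Microsoft - 20130227
Norman Suspicious_Gen4.ATYUF 20130227
nProtect Trojan/W32.Jorik.542208 20130227
VIPRE Backdoor.IRCBot 20130227
"""

# Assumption: labels containing these words are heuristic/generic verdicts
# ("looks packed or suspicious"), not an identification of a family.
GENERIC = re.compile(r"gen|heuristic|suspicio|unknown", re.I)
# Assumption: families treated as file infectors here. Only Virut is named
# as one in the thread.
FILE_INFECTORS = {"virut"}

ROW = re.compile(r"^(\S+)\s+(.+?)\s+(\d{8})$")

def parse(report):
    """Return {engine: label or None} for each 'Engine Result YYYYMMDD' row."""
    results = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, label, _date = m.groups()
            results[engine] = None if label == "-" else label
    return results

def triage(results):
    """Split detections into generic verdicts and named ones; flag infectors."""
    hits = {e: l for e, l in results.items() if l}
    generic = sorted(e for e, l in hits.items() if GENERIC.search(l))
    named = {e: l for e, l in hits.items() if e not in generic}
    infector = sorted(e for e, l in named.items()
                      if any(f in l.lower() for f in FILE_INFECTORS))
    return {"detected": len(hits), "total": len(results),
            "generic": generic, "named": named, "file_infector": infector}

if __name__ == "__main__":
    print(triage(parse(REPORT)))
```

Five of the eight detections are generic or heuristic labels and the three named ones disagree with each other, which is why the thread asks for a second scan before treating Virut as confirmed.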
  • macman
    macman Posts: 53,129 Forumite
    Do you not have a back up of your data already? The time to back up is before disaster strikes, not after.
    No free lunch, and no free laptop ;)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Hopefully the OP does have backups as a reinstall is by far the best choice when it comes to Virut (If it is confirmed as a Virut variant).

    http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=win32%2fvirut

    http://miekiemoes.blogspot.co.uk/2009/02/virut-and-other-file-infectors-throwing.html
This discussion has been closed.